I've seen that there are similar questions, but none give a perfect answer to me.
I'm trying to set up two machines. One with LAMP and a platform (that works great) and it also handles the user db through LDAP.
On the other machine there is a portal (Liferay) and CAS should log me in to both the machine with the platform as well as the portal, using SSO.
Since this is a small testing environment that will not be put into production I've decided to use a self-signed certificate bound to an IP-address.
This does not work well for me if I create a certificate:
keytool -genkey -alias tomcat -keypass changeit -keyalg RSA
keytool -export -alias tomcat -keypass changeit -file %FILE_NAME%
keytool -import -alias tomcat -file %FILE_NAME% -keypass changeit -keystore %JAVA_HOME%/jre/lib/security/cacerts
I realize this doesn't work, and why, so I found the command
-ext san=ip:10.0.0.1
However, this does not seem to work either.
In what step do I add the -ext part? Is it during the creation of the certificate or is it while exporting it to cacerts?
Best Answer
You should add the
-ext san=ip:10.0.0.1
while creating the certificate, because it's when you generate it that it will keep the SAN IP in the certificate details.

Best Regards,
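
The full sequence with the SAN added at generation time and checked before the certificate is exported, as an added example that is not part of the original question or answer. The alias, password and file names are constructed, and `san_ext` is a hypothetical helper that handles IPv4 literals and DNS names only.

```shell
#!/bin/sh
# Added example. 10.0.0.1, "tomcat", "changeit" and all file names are constructed.

# Build the -ext value: an IPv4 literal needs an iPAddress SAN, a name a dNSName SAN.
# Octet ranges are not checked here; keytool rejects a malformed address itself.
san_ext() {
  case "$1" in
    ''|*:*)      return 1 ;;                      # empty or IPv6: not handled
    *[!0-9.]*)   printf 'san=dns:%s\n' "$1" ;;
    *.*.*.*.*)   return 1 ;;                      # too many dotted parts
    *.*.*.*)     printf 'san=ip:%s\n' "$1" ;;
    *)           printf 'san=dns:%s\n' "$1" ;;
  esac
}

# Step 1: -ext goes on the key pair generation. $1=IP/host $2=keystore $3=password
make_cert() {
  ext=$(san_ext "$1") || return 1
  keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=$1" -ext "$ext" -keystore "$2" -storepass "$3" -keypass "$3"
}

# Step 2: confirm the SAN is in the certificate. $1=IP/host $2=keystore $3=password
has_san() {
  keytool -list -v -alias tomcat -keystore "$2" -storepass "$3" |
    grep -qF -e "IPAddress: $1" -e "DNSName: $1"
}

# Step 3: export the certificate and import it into the trust store of the
# JVM that connects to this server. No -ext here: export and import copy the
# certificate as generated. $1=keystore $2=password $3=truststore $4=its password
export_and_trust() {
  keytool -exportcert -rfc -alias tomcat -keystore "$1" -storepass "$2" \
    -file tomcat.crt &&
  keytool -importcert -noprompt -alias tomcat -file tomcat.crt \
    -keystore "$3" -storepass "$4"
}

# Run the whole procedure only when called as: sh script.sh run
if [ "${1:-}" = "run" ]; then
  make_cert 10.0.0.1 tomcat.keystore changeit &&
  has_san 10.0.0.1 tomcat.keystore changeit &&
  export_and_trust tomcat.keystore changeit client.truststore changeit
fi
```

In the setup from the question, the third argument of `export_and_trust` would be the `cacerts` file of the JVM that has to trust the server.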